Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

CTO Reflections: Surpassing quantum encryption

Michael Xie, Founder, President and Chief Technology Officer, Fortinet | March 3, 2015
Michael Xie of Fortinet discusses the concept of a holy grail in IT security and explains why industry collaboration, rather than an esoteric technology like quantum encryption, may be the answer.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

IT security is a fast moving and exciting field to be in. Fascinating industry news greets me almost every morning.

Recently I read that the University of Science and Technology of China in Hefei, China is leading a project to build the world's longest quantum communication network stretching 2,000km between Beijing and Shanghai by 2016. The builders hope to give completely secure communication to users though quantum encryption.

That's certainly a big ambition.

A quantum communication network is, in theory, unbreakable. Any attempt to intercept the encryption key would alter the physical status of the quantum data, or qubits, and trigger an alert to the communicators. Currently, there are several other labs in various countries around the world are looking to tap into this technology.

Is quantum encryption the holy grail of IT security, if such a pinnacle exists? I can certainly relate to the quantum encryption developers' dogged pursuit of unhackable security technology, but that doesn't stop me from asking if one single technology — no matter how perfect — can be the be-all and end-all solution to one of the most complex problems facing mankind today.

I can see two hurdles standing between quantum encryption and widespread adoption — the cost-benefit proposition, and more importantly, the existence of weak links in other parts of the security system even if quantum encryption itself is impenetrable.

Are the Benefits Worth the Cost?

There are no clear indications of quantum encryption's costs yet but it's likely to be high, especially at the initial stages when the technology is immature and the pool of users is small. Businesses are all about increasing profit and reducing expenditure — low cost encryption technologies that are secure enough for most enterprise applications already exist today. So how will organisations justify the big jump in costs for moving to quantum encryption?

Your Enterprise is as Secure as its Weakest Link

The tougher challenge lies in the fact that security is an interconnected system, not an isolated jigsaw piece. If quantum encryption is really hard to crack, cybercriminals will look for a weaker link in the security system to target. They could, for instance, use social engineering to gain knowledge on how to access confidential data, or they could, like most hackers do today, plant malicious software in end-users' computers to steal their data when it is at rest.

Since quantum encryption only promises to protect data in motion — which is just one link of the entire security chain — labeling it as an "unbreakable security" technology is overreaching. Many technologies lie beyond quantum encryption, and many domains lie beyond technology.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.